Untitled

a guest
Jul 15th, 2018
<?php

/*

PHP at the bottom of the page is not good!

Advice: There is no point in loading all the SESSIONS; on your PANEL page, a foreach that retrieves the user's information is enough.
I added an INSERT INTO at the end for the connection logs; if you keep it, you will have to create a logs table.

In your old login you forgot quite a few important things, notably "htmlspecialchars" or "htmlentities", which protect you from XSS injections.

Too much PHP is pointless ;)

If you want to secure your PANEL page, here is the code:

if (empty($_SESSION['user']) OR empty($_SESSION['mail'])) {
    header("location: ../index.php");
    exit; // without this the rest of the panel page still runs
}

About the foreach:

// Bound parameter instead of concatenating the session value into the query
$req = $bdd->prepare("SELECT * FROM pn_users WHERE mail = ?");
$req->execute(array($_SESSION['mail']));
foreach ($req as $row) {
    $prenom = $row['prenom'];
    $nom = $row['nom'];
    $rank = $row['rank'];
}

*/

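// $bdd is assumed to be a PDO connection created elsewhere (not shown in this paste).
if (session_status() === PHP_SESSION_NONE) {
    session_start(); // required before writing to $_SESSION
}

if (isset($_POST['submit'])) {
    $pseudo = htmlspecialchars($_POST['user'] ?? '');
    $rawPassword = $_POST['password'] ?? '';
    // Test the raw input: sha1('') is a non-empty string, so testing the hash never fails.
    if (!empty($pseudo) AND !empty($rawPassword)) {
        // Unsalted SHA-1 is kept only to match the hashes already stored in pn_users.
        $password = sha1($rawPassword);
        $req = $bdd->prepare("SELECT * FROM pn_users WHERE user = ? AND password = ?");
        $req->execute(array($pseudo, $password));
        $result = $req->rowCount();
        if ($result == 1) {
            $userinfo = $req->fetch();
            $_SESSION['user'] = $userinfo['user'];
            $_SESSION['mail'] = $userinfo['mail'];

            $ip = $_SERVER['REMOTE_ADDR'];
            $date = date("d-m-Y H:i:s");

            // Connection log; $user and $mail were undefined here, so use the fetched row.
            $req = $bdd->prepare("INSERT INTO logs (user, mail, date, ip) VALUES (?, ?, ?, ?)");
            $req->execute(array($userinfo['user'], $userinfo['mail'], $date, $ip));

            header("Location: ./panel.php");
            exit; // stop rendering the login page after the redirect

        } else {$erreur = 'Erreur : Le pseudo ou le mot de passe est invalide.';}
    } else {$erreur2 = 'Erreur : tous les champs doivent être remplis.';}
}

?>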

<!DOCTYPE html>
<html lang="en">

<head>
    <!-- Required meta tags-->
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta name="description" content="Accès panel serveur YourDev.fr">
    <meta name="author" content="Alex YourDev">
    <meta name="keywords" content="YourDev">

    <!-- Title Page-->
    <title>YourDev: Connexion</title>

    <!-- Fontfaces CSS-->
    <link href="css/font-face.css" rel="stylesheet" media="all">
    <link href="vendor/font-awesome-4.7/css/font-awesome.min.css" rel="stylesheet" media="all">
    <link href="vendor/font-awesome-5/css/fontawesome-all.min.css" rel="stylesheet" media="all">
    <link href="vendor/mdi-font/css/material-design-iconic-font.min.css" rel="stylesheet" media="all">

    <!-- Bootstrap CSS-->
    <link href="vendor/bootstrap-4.1/bootstrap.min.css" rel="stylesheet" media="all">

    <!-- Vendor CSS-->
    <link href="vendor/animsition/animsition.min.css" rel="stylesheet" media="all">
    <link href="vendor/bootstrap-progressbar/bootstrap-progressbar-3.3.4.min.css" rel="stylesheet" media="all">
    <link href="vendor/wow/animate.css" rel="stylesheet" media="all">
    <link href="vendor/css-hamburgers/hamburgers.min.css" rel="stylesheet" media="all">
    <link href="vendor/slick/slick.css" rel="stylesheet" media="all">
    <link href="vendor/select2/select2.min.css" rel="stylesheet" media="all">
    <link href="vendor/perfect-scrollbar/perfect-scrollbar.css" rel="stylesheet" media="all">

    <!-- Main CSS-->
    <link href="css/theme.css" rel="stylesheet" media="all">

</head>

<body class="animsition">
    <div class="page-wrapper">
        <div class="page-content--bge5">
            <div class="container">
                <div class="login-wrap">
                    <?php
                    // $msg was never defined; show the error set by the login handler above.
                    echo $erreur ?? $erreur2 ?? '';
                    ?>
                    <div class="login-content">
                        <div class="login-logo">
                            <a href="#">
                                <img src="images/icon/logo.png" alt="CoolAdmin">
                            </a>
                        </div>
                        <div class="login-form">
                            <form action="./index.php" method="post">
                                <div class="form-group">
                                    <label>Utilisateur YourDev</label>
                                    <input class="au-input au-input--full" type="text" name="user" placeholder="Nom d'Utilisateur YourDev">
                                </div>
                                <div class="form-group">
                                    <label>Mot de passe</label>
                                    <input class="au-input au-input--full" type="password" name="password" placeholder="Mot de passe">
                                </div>
                                <div class="login-checkbox">
                                    <label>
                                        <a href="#">Mot de passe oublié?</a>
                                    </label>
                                </div>
                                <input class="au-btn au-btn--block au-btn--green m-b-20" value="CONNEXION" name="submit" type="submit">
                            </form>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
    <!-- Jquery JS-->
    <script src="vendor/jquery-3.2.1.min.js"></script>
    <!-- Bootstrap JS-->
    <script src="vendor/bootstrap-4.1/popper.min.js"></script>
    <script src="vendor/bootstrap-4.1/bootstrap.min.js"></script>
    <!-- Vendor JS -->
    <script src="vendor/slick/slick.min.js"></script>
    <script src="vendor/wow/wow.min.js"></script>
    <script src="vendor/animsition/animsition.min.js"></script>
    <script src="vendor/bootstrap-progressbar/bootstrap-progressbar.min.js"></script>
    <script src="vendor/counter-up/jquery.waypoints.min.js"></script>
    <script src="vendor/counter-up/jquery.counterup.min.js"></script>
    <script src="vendor/circle-progress/circle-progress.min.js"></script>
    <script src="vendor/perfect-scrollbar/perfect-scrollbar.js"></script>
    <script src="vendor/chartjs/Chart.bundle.min.js"></script>
    <script src="vendor/select2/select2.min.js"></script>

    <!-- Main JS-->
    <script src="js/main.js"></script>

</body>

</html>
<!-- end document-->
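
Added example, not part of the original paste: the login handler above matches an unsalted sha1() digest inside the SQL query. The code below shows the same lookup with password_hash()/password_verify(), upgrading legacy sha1 rows on the first successful login. The function name check_login, the in-memory SQLite database standing in for $bdd, and the sample user are assumptions made for illustration.

```php
<?php
// Added example (not from the original paste). Constructed data: an in-memory
// SQLite table stands in for pn_users, with one legacy row holding a bare sha1 digest.
$bdd = new PDO('sqlite::memory:');
$bdd->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$bdd->exec("CREATE TABLE pn_users (user TEXT PRIMARY KEY, mail TEXT, password TEXT)");
$bdd->prepare("INSERT INTO pn_users VALUES (?, ?, ?)")
    ->execute(array('alice', 'alice@example.test', sha1('s3cret')));

// Hypothetical helper: returns the user row on success, null on failure.
function check_login(PDO $bdd, string $user, string $password): ?array
{
    // Look the account up by name only; the hash comparison happens in PHP.
    $req = $bdd->prepare("SELECT user, mail, password FROM pn_users WHERE user = ?");
    $req->execute(array($user));
    $row = $req->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    $stored = $row['password'];
    // A 40-character hex string is a legacy sha1 digest; password_hash() output never matches this.
    $legacy = (bool) preg_match('/^[0-9a-f]{40}$/', $stored);
    $ok = $legacy
        ? hash_equals($stored, sha1($password))   // constant-time compare for old rows
        : password_verify($password, $stored);
    if (!$ok) {
        return null;
    }
    // The plaintext is only available now, so this is the moment to re-hash.
    if ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $bdd->prepare("UPDATE pn_users SET password = ? WHERE user = ?");
        $upd->execute(array(password_hash($password, PASSWORD_DEFAULT), $user));
    }
    return array('user' => $row['user'], 'mail' => $row['mail']);
}

// Wrong password, then the correct one, then a check that the stored hash was upgraded.
var_dump(check_login($bdd, 'alice', 'wrong') === null);
var_dump(check_login($bdd, 'alice', 's3cret') !== null);
$hash = $bdd->query("SELECT password FROM pn_users WHERE user = 'alice'")->fetchColumn();
var_dump(password_verify('s3cret', $hash));
```

In the login handler, a successful check_login() would be followed by session_regenerate_id(true) before $_SESSION is filled, then the Location header and exit.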